It depends on how you want to pin. You probably always want the latest API-compatible version for a package like cryptography. But as I read from that thread, it seems cryptography doesn't use semver, thus you doing something like `>=3,<4` is not really feasible. In addition, this change was introduced at 3.4.
I disagree. If the library follows semver, or has a predictable way of managing its versions, I would personally set it as broad as possible without breaking compatibility. Especially with something like cryptography. If a critical bug is found, you don't wanna be stuck at a version from a few years ago. Setting a broad pinned version allows you to update this as part of your day-to-day development.